Security
SSL Certificate
Enable secure connections between AIR Console and users/assets by using SSL encryption.
Certificate: This displays the SSL certificate details used by AIR for secure HTTPS communication. In this case, the certificate is issued by Let's Encrypt (Issuer: Let's Encrypt, Common Name: R3) and is valid for a specific period (e.g., from 2022.09.18 to 2022.12.17).
Subject: The Common Name (CN) field shows the domain (e.g., air-demo.binalyze.com) to which the certificate applies.
Having an SSL certificate ensures that all communications between users and the AIR Console are encrypted in transit, preventing unauthorized access to sensitive information.
SSL Root CA
Acts as the root certificate authority (CA) for issuing certificates if a custom SSL certificate is not provided.
Binalyze AIR generates an SSL Root CA for each instance when a custom certificate isn’t supplied. This certificate is used to create secure communication channels within the system.
Issuer and Subject: Both are BINALYZE R1, ensuring that the root certificate is tied to the Binalyze platform.
Validity: The root CA certificate is valid from 2017.10.14 until 2100.10.14, ensuring long-term use and security.
Console Port
Define the port over which the AIR Console is accessible.
The AIR Console is configured to be accessed on port 8443, a port commonly used for HTTPS traffic.
Meanwhile, responders will continue to communicate with the console over the default secure port 443. This setup ensures that assets and users can access the platform via separate but secure ports, enhancing security and flexibility.
IP Restriction
Restrict access to the AIR Console based on IP addresses.
This feature allows administrators to restrict access to the AIR Console to a specific range of IP addresses, limiting who can interact with the console.
Important: This restriction does not affect communication between the AIR Console and the assets themselves. It only controls who can access the console’s user interface.
The current IP address of the user accessing the system (e.g., 172.71.122.69) is displayed for reference.
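A pre-flight check for a proposed allowlist, added here as an example (it is not Binalyze code): it confirms that the address the console displays for you is covered before the restriction is saved, and flags malformed or overly broad entries. The entry syntax (single addresses or CIDR ranges), the function names and the width thresholds are assumptions; the page does not describe AIR's input format.

```python
import ipaddress

# Assumption: allowlist entries are single addresses or CIDR ranges.
# AIR's actual input syntax is not described on this page.
BROAD_V4, BROAD_V6 = 8, 32  # prefixes shorter than these are flagged as too wide


def parse_allowlist(entries):
    """Return (networks, errors); malformed entries are reported, never dropped silently."""
    networks, errors = [], []
    for raw in entries:
        text = raw.strip()
        if not text:
            continue
        try:
            # strict=True rejects ranges with host bits set, e.g. 10.20.0.5/16
            networks.append(ipaddress.ip_network(text, strict=True))
        except ValueError as exc:
            errors.append(f"{text}: {exc}")
    return networks, errors


def preflight(current_ip, entries):
    """Check a proposed allowlist against the IP the console shows for the current user."""
    addr = ipaddress.ip_address(current_ip)
    networks, errors = parse_allowlist(entries)
    # Compare only within the same IP version; a v4 client never matches a v6 range.
    matches = [n for n in networks if n.version == addr.version and addr in n]
    broad = [n for n in networks
             if n.prefixlen < (BROAD_V4 if n.version == 4 else BROAD_V6)]
    return {
        "current_ip_allowed": bool(matches),
        "matched_by": [str(n) for n in matches],
        "too_broad": [str(n) for n in broad],
        "errors": errors,
    }


if __name__ == "__main__":
    # Constructed input: the current IP is the example address shown on this page;
    # the ranges are made up for illustration.
    proposed = ["172.71.122.0/24", "10.20.0.5/16", "0.0.0.0/0", "2001:db8::/32"]
    print(preflight("172.71.122.69", proposed))
```

Run it with the address the console displays, not the workstation's local address, since that is the address the restriction will be evaluated against.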
Authentication
Configure user authentication security settings.
You can enforce Two-Factor Authentication (2FA) for all users, adding an extra layer of security by requiring a second form of verification (e.g., a mobile app code) when logging in. (SSO will override this option.)
This setting enhances overall security by ensuring that only authenticated and verified users can access the system.
Single Sign-On (SSO)
Enable and configure Single Sign-On (SSO) for AIR.
SSO allows users to log in to AIR using their organization’s existing identity provider (e.g., Azure AD, Okta) without needing separate credentials. This simplifies the login process and enhances security by centralizing authentication management.
Tenant ID and Client ID: These are provided by the SSO identity provider (e.g., Azure, Okta) and uniquely identify the organization’s SSO configuration.
Client Secret: A secure key used for authenticating the connection between AIR and the SSO provider (shown as encrypted in the system).
Callback URL: This is the URL (e.g., https://air-demo.binalyze.com/api/auth/sso/azure/callback) where users are redirected after successful authentication via SSO. It ensures that users are logged into the AIR platform after authenticating through the identity provider.
Entry Point and Issuer: These fields are also part of the SSO configuration, ensuring that AIR communicates correctly with the identity provider.
Certificate: Uploading a certificate from the identity provider is necessary for secure communication between AIR and the SSO service.
SSO improves user management and security by centralizing login credentials with your existing identity provider, simplifying the user experience while ensuring strong authentication practices.